
Hacking and Securing iOS Applications by Jonathan Zdziarski


Master Key Encryption

The previous examples generated random keys to encrypt data. Creating a random master key to encrypt data leaves you with one key problem (no pun intended): how to protect that encryption key. As you’ve learned, the device’s keychain can be compromised, making it less of a viable solution. The master encryption key must be stored somewhere, but it must also be protected. As you’ve learned in previous chapters, good encryption implementations incorporate user input as a means to unlock the encryption. This ensures that the encryption depends on both “something you have” (the data and the encrypted master key) and “something you know” (a passphrase). Key derivation functions (KDFs) derive one or more keys from a secret value, such as a passphrase or password. A KDF accepts a secret input value and crunches it through a series of permutations to derive an encryption key of the desired size. This key can then be used to encrypt a master encryption key.

You may be wondering what the purpose of using a master encryption key is, rather than simply using a derived key as an encryption key. A master encryption key, which is usually randomly generated as in the previous examples, never needs to change if it is protected at all times. If the user should change his password, the master key can simply be re-encrypted with the new derived key, whereas you’d have to re-encrypt all of the user’s data if the password were tied directly to the encrypted ...
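The master-key indirection described above, as an added Python example (not the book's code, which targets iOS and CommonCrypto): a random master key is wrapped under a PBKDF2-derived key, and a passphrase change re-wraps only that key, never the data. To stay within the standard library, the wrap XORs the master key with single-use KDF output (a one-time pad, valid because every wrap uses a fresh salt) and authenticates it with HMAC; a real implementation would use an authenticated cipher such as AES for that step. All function names and the parameters are assumptions of this example.

```python
import os
import hmac
import hashlib

# Constructed parameters for this example; tune the iteration count to the
# device and replace the XOR wrap with AES (e.g. via CommonCrypto) in production.
PBKDF2_ITERATIONS = 100_000
SALT_LEN = 16
KEY_LEN = 32
TAG_LEN = 32


def derive_wrapping_keys(passphrase: str, salt: bytes) -> tuple:
    """Stretch the passphrase into a 32-byte pad and a 32-byte MAC key."""
    out = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                              PBKDF2_ITERATIONS, 2 * KEY_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]


def wrap_master_key(master_key: bytes, passphrase: str) -> bytes:
    """Encrypt the random master key under the passphrase-derived key.
    Returns salt || wrapped_key || tag. The fresh salt makes the derived pad
    single-use, so the XOR is a one-time pad; the HMAC tag lets unwrapping
    detect a wrong passphrase or tampering before the master key is used."""
    if len(master_key) != KEY_LEN:
        raise ValueError("master key must be %d bytes" % KEY_LEN)
    salt = os.urandom(SALT_LEN)
    pad, mac_key = derive_wrapping_keys(passphrase, salt)
    wrapped = bytes(m ^ p for m, p in zip(master_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag


def unwrap_master_key(blob: bytes, passphrase: str) -> bytes:
    """Recover the master key; raise ValueError on a wrong passphrase."""
    if len(blob) != SALT_LEN + KEY_LEN + TAG_LEN:
        raise ValueError("malformed wrapped key")
    salt = blob[:SALT_LEN]
    wrapped = blob[SALT_LEN:SALT_LEN + KEY_LEN]
    tag = blob[SALT_LEN + KEY_LEN:]
    pad, mac_key = derive_wrapping_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise ValueError("wrong passphrase or corrupted wrapped key")
    return bytes(w ^ p for w, p in zip(wrapped, pad))


def change_passphrase(blob: bytes, old_passphrase: str, new_passphrase: str) -> bytes:
    """Rotate the passphrase by re-wrapping only the master key; the data
    encrypted under the master key is left untouched."""
    return wrap_master_key(unwrap_master_key(blob, old_passphrase), new_passphrase)
```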
